package at.codebase.security;

import java.util.regex.Pattern;

import org.apache.commons.lang3.StringEscapeUtils;

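/**
 * Static helpers for HTML-escaping output and for filtering search-query
 * input.
 * <p>
 * Both helpers are context-specific: {@link #sanatize(String)} targets HTML
 * text, and {@link #sanatizeSearchQuery(String)} only narrows the character
 * set of a query. Neither replaces parameterized queries or the encoding
 * required by the place where a value is finally used.
 * <p>
 * The spelling "sanatize" is kept because the method names are part of the
 * public interface.
 * 
 * @author Daniel Marth <danielmarth@gmx.at>
 */
public class SecurityUtils {

	/**
	 * Escapes a string for inclusion in HTML by delegating to
	 * {@link StringEscapeUtils#escapeHtml4(String)}.
	 * <p>
	 * {@code escapeHtml4} replaces {@code <}, {@code >}, {@code &} and the
	 * double quote with HTML 4 entities but leaves the apostrophe untouched.
	 * The result is therefore suitable for element content and for attribute
	 * values wrapped in double quotes. It is not sufficient for single-quoted
	 * or unquoted attributes, nor for script, style or URL contexts, which
	 * need their own encoders.
	 * 
	 * @param str
	 *            the text to escape, may be {@code null}
	 * @return the escaped text, or {@code null} if {@code str} is
	 *         {@code null}
	 */
	public static String sanatize(String str) {
		return StringEscapeUtils.escapeHtml4(str);
	}

	/**
	 * Regular expression used by {@link #sanatizeSearchQuery(String)}.
	 * <p>
	 * Despite its name this is a negated character class: it matches every
	 * character that is NOT allowed in a search query. The characters that
	 * survive filtering are ASCII letters and digits, the German umlauts
	 * listed in the class, whitespace, the double quote, the single quote and
	 * the dot.
	 */
	public static final String AllowedQueryCharacters = "[^a-zA-Z0-9äöüÄÖÜ\\s\"\'\\.]";

	/** Compiled once so the expression is not re-parsed on every call. */
	private static final Pattern DISALLOWED_QUERY_CHARACTERS = Pattern
			.compile(AllowedQueryCharacters);

	/** Matches a single whitespace character (tab, line break, space, ...). */
	private static final Pattern WHITESPACE = Pattern.compile("\\s");

	/**
	 * Reduces a search query to the permitted character set and turns every
	 * whitespace character into a plain space.
	 * <p>
	 * Runs of whitespace are not collapsed; each whitespace character becomes
	 * one space. Because both quote characters are kept, the result must
	 * still be passed to the database through bound parameters and escaped
	 * with {@link #sanatize(String)} (or a context-appropriate encoder)
	 * before it is echoed into a page. This filter alone does not prevent
	 * injection.
	 * 
	 * @param str
	 *            the raw search query, may be {@code null}
	 * @return the filtered query, or {@code null} if {@code str} is
	 *         {@code null}, matching the null handling of
	 *         {@link #sanatize(String)}
	 */
	public static String sanatizeSearchQuery(String str) {
		if (str == null) {
			// Mirror sanatize(), which passes null through instead of throwing.
			return null;
		}
		String filtered = DISALLOWED_QUERY_CHARACTERS.matcher(str).replaceAll("");
		return WHITESPACE.matcher(filtered).replaceAll(" ");
	}

}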
